tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

drm: prime: Honour O_RDWR during prime-handle-to-fd

Currently DRM_IOCTL_PRIME_HANDLE_TO_FD rejects all flags except
(DRM|O)_CLOEXEC making it difficult (maybe impossible) for userspace
to mmap() the resulting dma-buf even when this is supported by the
DRM driver.

It is trivial to relax the restriction and permit read/write access.
This is safe because the flags are seldom touched by drm; mostly they
are passed verbatim to dma_buf calls.

v3 (Tiago): removed unused flags variable from drm_prime_handle_to_fd_ioctl.

Reviewed-by: Chris Wilson <chris@chris-wilson.co.uk>
Signed-off-by: Daniel Thompson <daniel.thompson@linaro.org>
Signed-off-by: Tiago Vignatti <tiago.vignatti@intel.com>
Reviewed-by: Stéphane Marchesin <marcheu@chromium.org>
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Link: http://patchwork.freedesktop.org/patch/msgid/1450820214-12509-2-git-send-email-tiago.vignatti@intel.com

authored by

Daniel Thompson and committed by
Daniel Vetter bfe981a0 10c1b618

+4 -7
+3 -7
drivers/gpu/drm/drm_prime.c
··· 329 329 * drm_gem_prime_export - helper library implementation of the export callback 330 330 * @dev: drm_device to export from 331 331 * @obj: GEM object to export 332 - * @flags: flags like DRM_CLOEXEC 332 + * @flags: flags like DRM_CLOEXEC and DRM_RDWR 333 333 * 334 334 * This is the implementation of the gem_prime_export functions for GEM drivers 335 335 * using the PRIME helpers. ··· 628 628 struct drm_file *file_priv) 629 629 { 630 630 struct drm_prime_handle *args = data; 631 - uint32_t flags; 632 631 633 632 if (!drm_core_check_feature(dev, DRIVER_PRIME)) 634 633 return -EINVAL; ··· 636 637 return -ENOSYS; 637 638 638 639 /* check flags are valid */ 639 - if (args->flags & ~DRM_CLOEXEC) 640 + if (args->flags & ~(DRM_CLOEXEC | DRM_RDWR)) 640 641 return -EINVAL; 641 642 642 - /* we only want to pass DRM_CLOEXEC which is == O_CLOEXEC */ 643 - flags = args->flags & DRM_CLOEXEC; 644 - 645 643 return dev->driver->prime_handle_to_fd(dev, file_priv, 646 - args->handle, flags, &args->fd); 644 + args->handle, args->flags, &args->fd); 647 645 } 648 646 649 647 int drm_prime_fd_to_handle_ioctl(struct drm_device *dev, void *data,
+1
include/uapi/drm/drm.h
··· 669 669 __u64 value; 670 670 }; 671 671 672 + #define DRM_RDWR O_RDWR 672 673 #define DRM_CLOEXEC O_CLOEXEC 673 674 struct drm_prime_handle { 674 675 __u32 handle;